syzbot

 sign-in | mailing list | source | docs
🐞 Open [1490]
Subsystems
🐞 Fixed [6559]
🐞 Invalid [16781]
Missing Backports [203]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in vc_deallocate

Status: upstream: reported C repro on 2025/09/08 18:45
Subsystems: serial
[Documentation on labels]
Reported-by: syzbot+f6cb41c144427dc0796a@syzkaller.appspotmail.com
First crash: 2d11h, last: 18m
Cause bisection: introduced by (bisect log) :
commit 23743ba64709a9c137c1b928f8b8e00d846af9cc
Author: Calixte Pernot <calixte.pernot@grenoble-inp.org>
Date: Mon Aug 25 12:56:09 2025 +0000

  vt: add support for smput/rmput escape codes

Crash: BUG: unable to handle kernel NULL pointer dereference in vc_deallocate (log)
Repro: C syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] [serial?] general protection fault in vc_deallocate 2 (6) 2025/09/10 07:20
[PATCH Next] vt: move vc_saved_screen to within tty allocated judgment 2 (2) 2025/09/09 06:35
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/09/10 06:48 31m jirislaby@kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/jirislaby/linux.git/ tty-fix OK log
2025/09/09 00:11 22m eadavis@qq.com patch linux-next OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc00000000b2: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000590-0x0000000000000597]
CPU: 0 UID: 0 PID: 6017 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:vc_deallocate+0x303/0x3e0 drivers/tty/vt/vt.c:1345
Code: e8 52 5e cf fc 49 c7 07 00 00 00 00 eb 0e e8 84 56 6b fc eb 05 e8 7d 56 6b fc 31 db 4c 8d b3 90 05 00 00 4d 89 f4 49 c1 ec 03 <43> 80 3c 2c 00 74 08 4c 89 f7 e8 2e 5d cf fc 4d 8b 3e 4d 85 ff 74
RSP: 0018:ffffc900039379e0 EFLAGS: 00010206
RAX: ffffffff8554a6c3 RBX: 0000000000000000 RCX: ffff888079423c80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003f
RBP: ffffc90003937a90 R08: ffffffff8fe50ccf R09: 1ffffffff1fca199
R10: dffffc0000000000 R11: fffffbfff1fca19a R12: 00000000000000b2
R13: dffffc0000000000 R14: 0000000000000590 R15: ffffffff9a274bd0
FS:  0000555578a99500(0000) GS:ffff8881257b1000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000100 CR3: 0000000075f72000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 vt_disallocate_all+0x60/0xe0 drivers/tty/vt/vt_ioctl.c:652
 vt_ioctl+0x1adc/0x1f20 drivers/tty/vt/vt_ioctl.c:886
 tty_ioctl+0x926/0xde0 drivers/tty/tty_io.c:2792
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdf9c78eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff941fbe78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fdf9c9d5fa0 RCX: 00007fdf9c78eba9
RDX: 0000000000000000 RSI: 0000000000005608 RDI: 0000000000000004
RBP: 00007fdf9c811e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdf9c9d5fa0 R14: 00007fdf9c9d5fa0 R15: 0000000000000002
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vc_deallocate+0x303/0x3e0 drivers/tty/vt/vt.c:1345
Code: e8 52 5e cf fc 49 c7 07 00 00 00 00 eb 0e e8 84 56 6b fc eb 05 e8 7d 56 6b fc 31 db 4c 8d b3 90 05 00 00 4d 89 f4 49 c1 ec 03 <43> 80 3c 2c 00 74 08 4c 89 f7 e8 2e 5d cf fc 4d 8b 3e 4d 85 ff 74
RSP: 0018:ffffc900039379e0 EFLAGS: 00010206
RAX: ffffffff8554a6c3 RBX: 0000000000000000 RCX: ffff888079423c80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003f
RBP: ffffc90003937a90 R08: ffffffff8fe50ccf R09: 1ffffffff1fca199
R10: dffffc0000000000 R11: fffffbfff1fca19a R12: 00000000000000b2
R13: dffffc0000000000 R14: 0000000000000590 R15: ffffffff9a274bd0
FS:  0000555578a99500(0000) GS:ffff8881257b1000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000100 CR3: 0000000075f72000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	e8 52 5e cf fc       	call   0xfccf5e57
   5:	49 c7 07 00 00 00 00 	movq   $0x0,(%r15)
   c:	eb 0e                	jmp    0x1c
   e:	e8 84 56 6b fc       	call   0xfc6b5697
  13:	eb 05                	jmp    0x1a
  15:	e8 7d 56 6b fc       	call   0xfc6b5697
  1a:	31 db                	xor    %ebx,%ebx
  1c:	4c 8d b3 90 05 00 00 	lea    0x590(%rbx),%r14
  23:	4d 89 f4             	mov    %r14,%r12
  26:	49 c1 ec 03          	shr    $0x3,%r12
* 2a:	43 80 3c 2c 00       	cmpb   $0x0,(%r12,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 2e 5d cf fc       	call   0xfccf5d67
  39:	4d 8b 3e             	mov    (%r14),%r15
  3c:	4d 85 ff             	test   %r15,%r15
  3f:	74                   	.byte 0x74

Crashes (151):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/10 13:18 linux-next 5f540c4aade9 fdeaa69b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 17:28 linux-next 3e8e5822146b d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 20:58 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/10 19:55 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/10 17:43 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 15:46 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 15:44 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 14:25 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/10 11:57 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/10 10:27 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/10 08:37 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 08:36 linux-next 5f540c4aade9 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 06:32 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 04:03 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 02:59 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 01:27 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/10 00:28 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 23:15 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 21:45 linux-next 65dd046ef558 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 20:23 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 19:02 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 18:38 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 16:31 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 15:31 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 14:02 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 09:33 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 07:33 linux-next 65dd046ef558 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/09 05:27 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 04:22 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 03:07 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 01:44 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/09 00:07 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 21:33 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 19:17 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 17:06 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 16:04 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 15:22 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 15:22 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 15:01 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 14:54 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:35 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:35 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:34 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:25 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:08 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:07 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:07 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
2025/09/08 14:04 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce general protection fault in vc_deallocate
2025/09/08 10:44 linux-next 3e8e5822146b d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in vc_deallocate
* Struck through repros no longer work on HEAD.